Skype protocol

Skype pioneered peer-to-peer (P2P) technology for IP telephony.{{cite arXiv |eprint=cs/0412017v1 |author1=Salman A. Baset |author2=Henning Schulzrinne |title=An analysis of the Skype peer-to-peer Internet telephony protocol |year=2004 |page=11}} Its architecture includes supernodes, ordinary nodes, and a login server. Each client maintains a cache of reachable supernodes, while user directory data is distributed across these supernodes, organized into slots and blocks.{{cn|date=November 2022}}

Initially, any client with sufficient bandwidth and processing power could become a supernode. This setup posed challenges for users behind firewalls or Network Address Translation (NAT) because their connections could be used to facilitate calls between other clients. In 2012, Microsoft transitioned control of supernodes to its data centers to enhance performance and scalability,{{cite news |last=Branscombe |first=Mary |date=27 July 2012 |title=Forget the conspiracy theories: Skype's supernodes belong in the cloud |url=https://www.zdnet.com/article/forget-the-conspiracy-theories-skypes-supernodes-belong-in-the-cloud/ |access-date=17 June 2013 |newspaper=500 words into the future (ZDNet)}}{{cite news |date=2 May 2012 |title=Skype replaces P2P supernodes with Linux boxes hosted by Microsoft (updated) |url=https://arstechnica.com/business/2012/05/skype-replaces-p2p-supernodes-with-linux-boxes-hosted-by-microsoft/ |access-date=17 June 2013 |newspaper=Ars Technica}} raising privacy concerns{{cite news |last=Kosner |first=Anthony |date=18 July 2012 |title=Will Microsoft's Changes To The Architecture Of Skype Make It Easier To Snoop? |url=https://www.forbes.com/sites/anthonykosner/2012/07/18/did-microsoft-change-the-architecture-of-skype-to-make-it-easier-to-snoop/ |access-date=17 June 2013 |newspaper=Forbes blog}} that were later highlighted by the PRISM surveillance revelations in 2013.{{cite news |last=Gallagher |first=Ryan |date=6 June 2013 |title=Newly Revealed PRISM Snooping Makes Verizon Surveillance Look Like Kids' Stuff |url=http://www.slate.com/blogs/future_tense/2013/06/06/nsa_prism_surveillance_private_data_from_google_microsoft_skype_apple_yahoo.html |access-date=17 June 2013 |newspaper=Slate blog}}{{cite news |last=Greenwald |first=Glenn |author-link=Glenn Greenwald |date=7 June 2013 |title=NSA Prism program taps in to user data of Apple, Google and others |url=https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data |access-date=17 June 2013 |newspaper=The Guardian}}

Skype does not support IPv6,{{cite web |date=1 Nov 2012 |title=Skype does not support IPv6. |url=https://twitter.com/SkypeTalks/status/264057558262747136 |access-date=4 Nov 2012 |publisher=Skype official Twitter account}} which could simplify its communication infrastructure.

Supernodes relay communications for clients that are behind firewalls or NAT, enabling calls that would otherwise be impossible. However, issues may arise, such as:

• Non-derivable external port numbers or IP addresses due to NAT
• Firewalls blocking incoming sessions
• UDP issues like timeouts
• Port restrictions

Signaling in Skype is encrypted using RC4, but this method is considered weak because the encryption key can be recovered from the traffic. Voice data is protected with AES encryption.[http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf Introduction Skype analysis Enforcing anti-Skype policies], Skype uncovered Security study of Skype, Desclaux Fabrice, 7/11/2005, EADS CCR/STI/C The Skype API allows developers to access the network for user information and call management.

The code remains closed-source,{{cite web |title=Which protocols does Skype use? |url=http://support.skype.com/en_US/faq/FA153/Which-protocols-does-Skype-use |archive-url=https://web.archive.org/web/20090303112252/http://support.skype.com/en_US/faq/FA153/Which-protocols-does-Skype-use |archive-date=March 3, 2009 |website=Help |publisher=Skype}} and parts of the client utilize an open-source socket communication library called Internet Direct (Indy).{{Citation needed|date=December 2008}}

In July 2012, a researcher revealed insights gained from reverse-engineering the Skype client.{{cite web |title=Posts under Skype Reverse Category |url=http://www.oklabs.net/category/skype-reverse/ |website=oKLabs}}
{{cite web |title=Skype Reverse Engineering: The (long) journey ;).. |url=http://www.oklabs.net/skype-reverse-engineering-the-long-journey/ |website=oKLabs}}

Various networking and security firms claim to have methods for detecting Skype's protocol. While their specific methods are proprietary, some published techniques include Pearson's chi-squared test and stochastic characterization using Naive Bayes classifiers.{{cite journal |author=Dario Bonfiglio |display-authors=etal |title=Revealing Skype Traffic: When Randomness Plays with You |url=https://www.dpacket.org/articles/revealing-skype-traffic-when-randomness-plays-you |url-status=dead |journal=ACM SIGCOMM Computer Communication Review |volume=37 |issue=SIGCOMM 2007 |pages=37–48 |archive-url=https://web.archive.org/web/20110430074127/https://www.dpacket.org/articles/revealing-skype-traffic-when-randomness-plays-you |archive-date=2011-04-30}}

Skype employs RC4 to obfuscate the payload of data packets. The initialization vector (IV) is derived from a combination of the public source and destination IPs and a packet ID, transformed into an RC4 key.

Notably, the misuse of RC4 can occur on TCP streams, where the first 14 bytes of a stream are XOR-ed with the RC4 stream, impacting data security.{{cite conference |author1=Fabrice Desclaux |author2=Kostya Kortchinsky |date=2006-06-17 |title=Vanilla Skype part 2 |url=http://www.recon.cx/en/f/vskype-part2.pdf |book-title=RECON2006}}

Most Skype traffic is encrypted, with commands and their parameters organized in an object list that can be compressed using a variant of arithmetic compression.

The terms of Skype's license agreement prohibit reverse engineering. However, EU law allows for reverse engineering for interoperability purposes,[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:111:0016:01:EN:HTML Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs] and the U.S. Digital Millennium Copyright Act provides similar protections.17 U.S.C. Sec. 1201(f).WIPO Copyright and Performances and Phonograms Treaties Implementation ActSega vs Accolade, 1992Sony vs Connectix, 2000{{cite journal |author=Pamela Samuelson |author-link=Pamela Samuelson |author2=Suzanne Scotchmer |name-list-style=amp |date=May 2002 |title=The Law and Economics of Reverse Engineering |url=http://www.yalelawjournal.org/pdf/111-7/SamuelsonFINAL.pdf |url-status=dead |journal=Yale Law Journal |volume=111 |issue=7 |pages=1575–1663 |doi=10.2307/797533 |jstor=797533 |archive-url=https://web.archive.org/web/20110716095222/http://www.yalelawjournal.org/pdf/111-7/SamuelsonFINAL.pdf |archive-date=2011-07-16 |access-date=2015-03-17}} Certain countries also permit copying for reverse engineering.In the French "intellectual property" law set, there is an exception that allows any software user to reverse engineer it. See [http://legifrance.gouv.fr/affichCodeArticle.do?cidTexte=LEGITEXT000006069414&idArticle=LEGIARTI000006278920&dateTexte=20080329&categorieLien=cid code de la propriété intellectuelle] {{in lang|fr}}. This law is the national implementation of a piece of EU legislation: [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31991L0250:EN:NOT Council Directive 91/250/EEC], since then repealed by [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32009L0024:EN:NOT Directive 2009/24/EC of the European Parliament and of the Council of 23 April 2009 on the legal protection of computer programs] which also has a very similar provision allowing reverse engineering/decompilation for the purposes of development and testing of independent but inter-operating programs).

{{Reflist|30em}}

{{Refbegin}}

• {{cite arXiv |eprint=cs/0412017v1 |title= An analysis of the Skype peer-to-peer Internet telephony protocol |year= 2004 |author1= Salman A. Baset |author2= Henning Schulzrinne |name-list-style=amp }}
• {{Cite web|author1=P. Biondi |author2=F. Desclaux |name-list-style=amp | title = Silver Needle in the Skype | url = https://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf | date = March 3, 2006}}
• {{Cite web|author1=F. Desclaux |author2=K. Kortchinsky |name-list-style=amp | title = Vanilla Skype - part 1 | url = http://www.recon.cx/en/f/vskype-part1.pdf| date = June 6, 2006}}
• {{Cite web|author1=F. Desclaux |author2=K. Kortchinsky |name-list-style=amp | title = Vanilla Skype - part 2 | url = http://www.recon.cx/en/f/vskype-part2.pdf| date = June 17, 2006}}
• {{Cite web|author1=L. De Cicco |author2=S. Mascolo |author3=V. Palmisano | title = An Experimental Investigation of the Congestion Control Used by Skype VoIP. | work = WWIC 07 | publisher = Springer | date = May 2007 | url = http://c3lab.poliba.it/images/d/d2/Skype_wwic07.pdf}}
• {{Cite web|author1=L. De Cicco |author2=S. Mascolo |author3=V. Palmisano | title = A Mathematical Model of the Skype VoIP Congestion Control Algorithm. | work = Proc. of IEEE Conference on Decision and Control 2008 | date = December 9–11, 2008 | url = http://c3lab.poliba.it/images/2/22/Skype_voip_model.pdf }}
• {{Cite web|author1=Dario Bonfiglio |author2=Marco Melia |author3=Michela Meo |author4=Dario Rossi |author5=Paolo Tofanelli | title = Revealing Skype Traffic: When Randomness Plays With You | publisher = ACM SIGCOMM Computer Communication Review | date = August 27–31, 2007 | url = http://www.sigcomm.org/node/2623 }}

{{Refend}}

• [http://kirils.org/skype/ Website containing articles and tools related to Skype protocol and behaviour analysis ]
• [http://www1.cs.columbia.edu/~salman/skype/ Repository of articles on Skype analysis]
• [https://translate.google.com.ua/translate?sl=ru&tl=en&js=y&prev=_t&hl=ru&ie=UTF-8&u=https%3A%2F%2Fmarakew.github.io%2Fskype_research.html&edit-text= Skype Architecture Inside]

{{Instant messaging}}

{{DEFAULTSORT:Skype Protocol}}

Category:VoIP protocols

Category:Instant messaging protocols

Category:Skype

it:Protocollo Skype

sk:Skype Protocol